- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 31 Jan 2015 18:02:57 +0100
- To: "public-web-security@w3.org" <public-web-security@w3.org>
The general feeling among folks I talk to is that we should leave the browser "as is" and rather settle for local security-services running on "localhost" accessed through HTTP Redirect, XHR or WebSockets. IMO, this is a poor solution both from security and GUI point-of-view but OTOH it doesn't require any standardization work; it is in fact already in extensive use for both APDU and PKCS #11 level access. If you "Connect the Dots" you may find that the scheme above points to a possible development path in an entirely different direction than discussed in Mountain View. Anders
Received on Saturday, 31 January 2015 17:03:27 UTC